Merge pull request #1365 from steiler/mgmtnetiprange

allow for ip-range definition on docker mgmt net

docs/manual/network.md

@@ -119,14 +119,14 @@ name: srl02
 
 mgmt:
   network: custom_mgmt                # management network name
-  ipv4_subnet: 172.100.100.0/24       # ipv4 range
-  ipv6_subnet: 2001:172:100:100::/80  # ipv6 range (optional)
+  ipv4-subnet: 172.100.100.0/24       # ipv4 range
+  ipv6-subnet: 2001:172:100:100::/80  # ipv6 range (optional)
 
 topology:
 # the rest of the file is omitted for brevity
 ```
 
-With these settings in place, container will get their IP addresses from the specified ranges accordingly.
+With these settings in place, the container will get their IP addresses from the specified ranges accordingly.
 
 #### user-defined addresses
 
@@ -137,8 +137,8 @@ For such cases, users can define the desired IPv4/6 addresses on a per-node basi
 ```yaml
 mgmt:
   network: fixedips
-  ipv4_subnet: 172.100.100.0/24
-  ipv6_subnet: 2001:172:100:100::/80
+  ipv4-subnet: 172.100.100.0/24
+  ipv6-subnet: 2001:172:100:100::/80
 
 topology:
   nodes:
@@ -209,10 +209,26 @@ It is possible to set the desired gateway IP (that is the IP assigned to the bri
 mgmt:
   network: custom-net
   bridge: mybridge
-  ipv4_subnet: 10.20.30.0/24 # ip range for the docker network
+  ipv4-subnet: 10.20.30.0/24 # ip range for the docker network
   ipv4-gw: 10.20.30.100 # set custom gateway ip
 ```
 
+#### IP range
+
+By specifying `ipv4-range/ipv6-range` under the management network, users limit the network range from which IP addresses are allocated for a management subnet.
+
+```yaml
+mgmt:
+  network: custom-net
+  ipv4-subnet: 10.20.30.0/24 #(2)!
+  ipv4-range: 10.20.30.128/25 #(1)!
+```
+
+1. Container runtime will assign IP addresses from the `10.20.30.128/25` subnet, and `10.20.30.0/25` will not be considered.
+2. The subnet must be specified for IP ranges to work. Also note that if the container network already exists and uses a different range, then the IP range setting won't have effect.
+
+With this approach, users can prevent IP address overlap with nodes deployed on the same management network by other orchestration systems.
+
 #### external access
 
 Starting with `0.24.0` release containerlab will enable external access to the nodes by default. This means that external systems/hosts will be able to communicate with the nodes of your topology without requiring any manual configuration.

lab-examples/clos02/setup.clos02.clab.yml

@@ -2,8 +2,8 @@ name: clos02
 
 mgmt:
   network: br-clos02
-  ipv4_subnet: 172.100.100.0/24
-  ipv6_subnet: 2001:172:100:100::0/64
+  ipv4-subnet: 172.100.100.0/24
+  ipv6-subnet: 2001:172:100:100::0/64
 
 topology:
   kinds:

runtime/docker/docker.go

@@ -162,20 +162,28 @@ func (d *DockerRuntime) CreateNet(ctx context.Context) (err error) {
 			if d.mgmt.IPv4Gw != "" {
 				v4gw = d.mgmt.IPv4Gw
 			}
-			ipamConfig = append(ipamConfig, network.IPAMConfig{
+			ipamCfg := network.IPAMConfig{
 				Subnet:  d.mgmt.IPv4Subnet,
 				Gateway: v4gw,
-			})
+			}
+			if d.mgmt.IPv4Range != "" {
+				ipamCfg.IPRange = d.mgmt.IPv4Range
+			}
+			ipamConfig = append(ipamConfig, ipamCfg)
 		}
 
 		if d.mgmt.IPv6Subnet != "" {
 			if d.mgmt.IPv6Gw != "" {
 				v6gw = d.mgmt.IPv6Gw
 			}
-			ipamConfig = append(ipamConfig, network.IPAMConfig{
+			ipamCfg := network.IPAMConfig{
 				Subnet:  d.mgmt.IPv6Subnet,
 				Gateway: v6gw,
-			})
+			}
+			if d.mgmt.IPv6Range != "" {
+				ipamCfg.IPRange = d.mgmt.IPv6Range
+			}
+			ipamConfig = append(ipamConfig, ipamCfg)
 			enableIPv6 = true
 		}
 

schemas/clab.schema.json

@@ -470,15 +470,15 @@
                     "markdownDescription": "Set [bridge](https://containerlab.dev/manual/network/#bridge-name) to use for the management network (instead of the default generated bridge).",
                     "type": "string"
                 },
-                "ipv4_subnet": {
-                    "description": "IPv4 range to use for the custom management network. e.g. 172.100.100.0/24",
-                    "markdownDescription": "[IPv4 range](https://containerlab.dev/manual/network/#user-defined-addresses) to use for the custom management network. e.g. 172.100.100.0/24",
+                "ipv4-subnet": {
+                    "description": "IPv4 subnet to use for the custom management network. e.g. 172.100.100.0/24",
+                    "markdownDescription": "[IPv4 subnet](https://containerlab.dev/manual/network/#user-defined-addresses) to use for the custom management network. e.g. 172.100.100.0/24",
                     "type": "string",
                     "pattern": "^.+\/[0-9]{1,2}$"
                 },
-                "ipv6_subnet": {
-                    "description": "IPv6 range to use for the custom management network. e.g. 2001:172:100:100::/64",
-                    "markdownDescription": "[IPv6 range](https://containerlab.dev/manual/network/#user-defined-addresses) to be used for the custom management network. e.g. 2001:172:100:100::/64",
+                "ipv6-subnet": {
+                    "description": "IPv6 subnet to use for the custom management network. e.g. 2001:172:100:100::/64",
+                    "markdownDescription": "[IPv6 subnet](https://containerlab.dev/manual/network/#user-defined-addresses) to be used for the custom management network. e.g. 2001:172:100:100::/64",
                     "type": "string",
                     "pattern": "^.+\/[0-9]{1,3}$"
                 },
@@ -494,6 +494,18 @@
                     "type": "string",
                     "pattern": "^((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))(%[\\p{N}\\p{L}]+)?$"
                 },
+                "ipv4-range": {
+                    "description": "IPv4 range out of the ipv4-subnet to use for the custom management network. e.g. 172.100.100.128/25",
+                    "markdownDescription": "[IPv4 range](https://containerlab.dev/manual/network/#ip-range) out of the ipv4-subnet to use for the custom management network. e.g. 172.100.100.128/25",
+                    "type": "string",
+                    "pattern": "^.+\/[0-9]{1,2}$"
+                },
+                "ipv6-range": {
+                    "description": "IPv6 range out of the ipv6-subnet to use for the custom management network. e.g. 2001:172:100:100:8000::/65",
+                    "markdownDescription": "[IPv6 range](https://containerlab.dev/manual/network/#ip-range) out of the ipv6-subnet to use for the custom management network. e.g. 2001:172:100:100:8000::/65",
+                    "type": "string",
+                    "pattern": "^((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))(%[\\p{N}\\p{L}]+)?$"
+                },
                 "mtu": {
                     "description": "MTU for the custom network",
                     "markdownDescription": "[MTU](https://containerlab.dev/manual/network/#mtu) in Bytes for the custom management network",

tests/01-smoke/01-linux-single-node.clab.yml

@@ -4,6 +4,11 @@
 
 name: single-node
 
+mgmt:
+  network: test
+  ipv4-subnet: 172.20.30.0/24
+  ipv4-range: 172.20.30.8/30
+
 topology:
   nodes:
     l1:

tests/01-smoke/02-destroy-all.robot

@@ -2,13 +2,18 @@
 This suite tests:
 - the destroy --all operation
 - the host mode networking for l3 node
+- the ipv4-range can be set for a network
+
 
 *** Settings ***
-Library           OperatingSystem
-Suite Teardown    Run    sudo containerlab --runtime ${runtime} destroy --all --cleanup
+Library             OperatingSystem
+
+Suite Teardown      Run    sudo containerlab --runtime ${runtime} destroy --all --cleanup
+
 
 *** Variables ***
-${runtime}        docker
+${runtime}      docker
+
 
 *** Test Cases ***
 Deploy first lab
@@ -33,6 +38,13 @@ Verify host mode networking for node l3
     Should Be Equal As Integers    ${rc}    0
     Should Contain    ${output}    Thank you for using nginx
 
+Verify ipv4-range is set correctly
+    Skip If    '${runtime}' != 'docker'
+    ${rc}    ${output} =    Run And Return Rc And Output
+    ...    sudo containerlab --runtime ${runtime} inspect -t ${CURDIR}/01-linux-single-node.clab.yml
+    Log    ${output}
+    Should Contain    ${output}    172.20.30.9/24
+
 Destroy all labs
     ${rc}    ${output} =    Run And Return Rc And Output
     ...    sudo containerlab --runtime ${runtime} destroy --all --cleanup

types/types.go

@@ -42,10 +42,12 @@ type MgmtNet struct {
 	Network string `yaml:"network,omitempty" json:"network,omitempty"` // container runtime network name
 	Bridge  string `yaml:"bridge,omitempty" json:"bridge,omitempty"`
 	// linux bridge backing the runtime network
-	IPv4Subnet     string `yaml:"ipv4_subnet,omitempty" json:"ipv4-subnet,omitempty"`
+	IPv4Subnet     string `yaml:"ipv4-subnet,omitempty" json:"ipv4-subnet,omitempty"`
 	IPv4Gw         string `yaml:"ipv4-gw,omitempty" json:"ipv4-gw,omitempty"`
-	IPv6Subnet     string `yaml:"ipv6_subnet,omitempty" json:"ipv6-subnet,omitempty"`
+	IPv4Range      string `yaml:"ipv4-range,omitempty" json:"ipv4-range,omitempty"`
+	IPv6Subnet     string `yaml:"ipv6-subnet,omitempty" json:"ipv6-subnet,omitempty"`
 	IPv6Gw         string `yaml:"ipv6-gw,omitempty" json:"ipv6-gw,omitempty"`
+	IPv6Range      string `yaml:"ipv6-range,omitempty" json:"ipv6-range,omitempty"`
 	MTU            string `yaml:"mtu,omitempty" json:"mtu,omitempty"`
 	ExternalAccess *bool  `yaml:"external-access,omitempty" json:"external-access,omitempty"`
 }
@@ -179,7 +181,7 @@ type GenericFilter struct {
 // For each label=value input label, a filter with the Field matching the label and Match matching the value is created.
 // For each standalone label, a filter with Operator=exists and Field matching the label is created.
 func FilterFromLabelStrings(labels []string) []*GenericFilter {
-	gfl := []*GenericFilter{}
+	var gfl []*GenericFilter
 	var gf *GenericFilter
 	for _, s := range labels {
 		gf = &GenericFilter{